This Policy was last updated on March 2, 2021. We may modify this Policy from time to time. We will provide you with notice of any material changes to this Policy by publishing or communicating the changes through our Site or by other means so that you may review the changes before continuing to use our Site. Your continued use of the Site after we publish or communicate a notice about any changes to this Policy means that you are consenting to the changes.
Accountability and Openness/Compliance
InMed is responsible for personal information under our control. We have established policies and procedures to effectively safeguard any confidential personal information that we collect, and to deal with complaints and inquiries. We are committed to maintaining the accuracy, confidentiality and security of your personal information, and we will ensure that you have access to information regarding the policies and procedures that we use to manage your personal information.
InMed has designated a privacy officer (“Privacy Officer”) who is accountable for our compliance with this Policy, and for ensuring that information about our policies and practices relating to the management of personal information is easily accessible. All questions or concerns regarding this Policy and our compliance with it should be directed to the Privacy Officer in writing and sent by email to [email protected].
or by mail to:
#310 – 815 West Hastings St.
Vancouver, BC, Canada
Every complaint or challenge regarding our compliance with this Policy will be investigated, and where a deficiency is found to exist, we will take appropriate measures to address it. This may include amending our policies and procedures as necessary. We will also cooperate with regulatory authorities to resolve any complaints that cannot be resolved between us and an individual user.
If you are located in British Columbia, you may contact the Office of the Information & Privacy Commissioner for British Columbia at P.O. Box 9038 Stn. Prov. Govt., Victoria, B.C. V8W 9A4 or with any complaints regarding this Policy. Users may also contact the Office of the Privacy Commissioner of Canada at 30 Victoria Street, Gatineau, Quebec K1A 1H3.
Except as expressly provided in this Policy or as otherwise permitted by law, consent is required for the collection of personal information and the subsequent use or disclosure of that information. Consent may be express or implied. For consent to be meaningful, it must be informed consent and will only be valid if it is reasonable to expect that the individual understands the nature, purpose and consequences of the collection, use or disclosure of the personal information to which they are consenting. Typically, we will seek consent in advance or at the time of collection, and make reasonable efforts to ensure that you understand the purpose(s) for which we will use or disclose the information. In certain circumstances, we may seek consent regarding use or disclosure after the information has been collected, but before use, such as when we wish to use personal information already in our possession for a purpose that was not previously identified.
By voluntarily submitting your personal information or otherwise using the Site, you signify your agreement to the terms and conditions of this Policy and to our collection, use and disclosure of your personal information as set out herein. You may change or withdraw your consent to the collection, use or disclosure of your personal information at any time by contacting the Privacy Officer in writing at one of the addresses listed above (see: Accountability and Openness / Compliance). In some circumstances, a change or withdrawal of consent may affect your ability to use the Site.
Collection and Retention of Information
We collect Personal Information only to the extent that it is necessary for the purposes set out below (see: Purpose – Why We Collect, Use and Disclose Information).
Subject to any legal or accounting requirements, we will retain personal information only if necessary to fulfill the purposes for which it was collected. Personal information that is no longer required will be destroyed, erased or made anonymous, although copies of deleted information may continue to exist on back-up media.
Information that we may collect may include User Submitted Information. We collect personal information that users submit through their use of the Site, such as your name, email address and other contact information when you sign up for our mailing list or contact us through the Site.
We collect certain non-identifying information about usage of the Site, including information about how users are using the Site and the characteristics of those users. This information is anonymized and is not used by us to identify you as an individual.
Technical and Device Information
We collect certain non-identifying information related to a user’s access of the Site, including the Internet Protocol (IP) address of the user’s computer, the date and time the user accessed the Site, and the operating system that the user is using. We make no attempt to link this information with the identity of individuals visiting the Site without express permission. We may, however, review server logs and anonymous traffic for system administration and security purposes, for example to detect intrusions into our network, for planning and improving the Site, and to monitor and compile statistics about Site usage. The possibility therefore exists that server log data, which contains users’ IP addresses, could in instances of criminal malfeasance be used to trace and identify individuals. In such instances, we may share raw data logs with the appropriate authorities for the purpose of investigating security breaches.
A “cookie” is a small piece of information stored on your computer by a web page. It is used to identify you to the web server. It tells the server who you are when you return to a page on the same website. Your browser will only send a cookie back to the domain that originally sent it to you. A cookie cannot run any programs, deliver any viruses, or send back information about your system.
Purpose – Why We Collect, Use and Disclose Information
We will identify the purposes for which we collect personal information before or at the time we request the information. We will not collect personal information which is not necessary and, except as specified below, will not use or disclose personal information for any purpose other than the purpose(s) for which it was collected without first obtaining your consent. The information that we collect is used and disclosed only for business purposes. These include:
- to enable you to access and use the Site;
- to process, track and communicate with you about usage of the Site;
- to establish, maintain and manage business relations with you so that we may provide you with the information, products or services that you request;
- internal business purposes, such as administering or improving the Site;
- to perform internal market research and conduct polls and surveys;
- to obtain feedback regarding the Site;
- to provide users with information and promotional materials regarding InMed and InMed’s affiliates and partners;
- to protect us against error, fraud, theft or damage to our business or our property;
- to comply with any legal, accounting and regulatory requirements, including reporting requirements, applicable laws, and any search warrants, subpoenas or court orders; and
- any other reasonable purpose for which you provide consent.
Where personal information that has been collected is to be used for a purpose not previously identified, and for which consent cannot be reasonably implied, the new purpose will be identified and consent obtained prior to the use of that information for the new purpose unless otherwise permitted by law.
Disclosure to Third Parties
In the course of providing the Site to you, we may delegate our authority to collect, use or disclose your information to third party subcontractors. Third party subcontractors may include web hosts, payment processors, delivery and logistics providers and social network integrators. If we transfer any personal information to a third party subcontractor, we will provide the subcontractors only with the information needed to perform the subcontracted service, and will use appropriate contractual or other means to provide a comparable level of protection while the information is being used by them.
We may disclose your personal information without your knowledge or consent where we are permitted or required to do so by applicable law, government request, request of a law enforcement agency, search warrant, subpoena or court order, or based on our good faith belief that it is necessary to do so in order to comply with such law, request, warrant, subpoena or court order, or to protect our business or assets, users of the Site, or the public.
Safeguards – How Information is Protected
We maintain reasonable security safeguards to protect personal information in our possession or under our control from loss or theft, and from unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held. The safeguards applied will depend on the sensitivity of the personal information, with the highest level of protection given to the most sensitive personal information. We use user IDs, passwords and encryption technology, and restrict the employees and contractors who have access to personal information to those having a “need to know” and who are bound by confidentiality obligations in order to ensure that information is handled and stored in a confidential and secure manner. When destroying personal information, we delete electronically stored personal information and shred any tangible materials containing personal information. While we will endeavor to destroy all copies of personal information, you acknowledge that deleted information may continue to exist on back-up media but will not be used unless permitted by law.
We will continually review and update our security policies and controls as technology evolves. However, no security technology can be guaranteed to be failsafe. Using the Internet or other public means of communication to collect and process personal data may involve the transmission of data on an international basis and across networks not owned and/or operated by us. Therefore, by using the Site and/or communicating electronically with us, you acknowledge and agree to our processing of personal information in this way and agree that we are not responsible for any personal information which is lost, or which is altered, intercepted or stored by a third party without authorization.
InMed has a responsibility to ensure that all personal information contained in our records or which is disclosed to third parties for the purposes described above is accurate, complete and up-to-date. You may make a request in writing for access to your personal information. Except as permitted or required by law, we will inform you of your personal information held by us, and provide an account of the use that has been made of the information, as well as identify any third parties to whom the information has been disclosed. You may have reasonable access to your personal information, and if you demonstrate the inaccuracy or incompleteness of personal information, the information will be amended as appropriate. You should advise us immediately if you discover inaccuracies in our data, if your personal information changes, or if you wish to have your information removed from our files. All notices and requests should be in writing and sent to the Privacy Officer at one of the addresses listed above (see: Accountability and Openness / Compliance).
International Transfer and Storage of Information
You acknowledge and agree that your personal information may be transmitted, transferred, processed, and/or stored outside of Canada, including in the United States, and therefore may be available to governmental authorities under lawful orders and laws applicable in such jurisdictions. We will use reasonable means to ensure that your information is protected, but cannot guarantee that the laws of any foreign jurisdiction will accord the same degree of protection as the laws of Canada.
Third Party Content and Links to other Sites
The Site may contain optional links to third party Internet websites and services. You acknowledge that these third parties may collect data from users or their computers. The accessing and use of third party websites or services is at your own risk, and we cannot assume responsibility for the privacy practices, policies or actions of the third parties who operate those websites or services. This Policy applies only to the InMed Site, and we encourage you to review the privacy policies of any third parties when using their websites or services.
Minors (persons under the age of majority as defined in your jurisdiction) are not eligible to use the Site unsupervised, and we request that minors do not submit any personal information to us. If you are under the age of majority in your jurisdiction, you may only use the Site in conjunction with and under the supervision of a parent or guardian. InMed does not knowingly collect personal information from minors.